linse
2d78d47591
Support firewall rules with hostnames.
...
Co-Authored-By: Mindy Preston <yomimono@users.noreply.github.com>
Co-Authored-By: Olle Jonsson <olle.jonsson@gmail.com>
Co-Authored-By: hannes <hannes@mehnert.org>
Co-Authored-By: cfcs <cfcs@users.noreply.github.com>
2020-05-15 16:25:46 +02:00
linse
87df5bdcc0
Read firewall rules from QubesDB. The module Rules contains a rule matcher instead of hardcoded rules now.
...
Co-Authored-By: Mindy Preston <yomimono@users.noreply.github.com>
2020-05-15 16:25:46 +02:00
Thomas Leonard
02e515d27c
Merge pull request #95 from hannesm/mirage-nat.2.1.0
...
mirage-nat.2.1.0
2020-02-19 14:27:41 +00:00
Thomas Leonard
65324b4197
Update Dockerfile to get new mirage-nat version
2020-02-19 14:16:49 +00:00
Hannes Mehnert
88fec9fa49
adapt to mirage-nat 2.1.0 API (Nat_packet returns a Fragments.Cache.t - which is now a Lru.F.t)
2020-02-08 15:58:37 +01:00
Hannes Mehnert
554e73a46d
cleanup: remove exception cases during Ethernet decode / Nat.of_ipv4_packet - they do not raise exceptions anymore
2020-02-08 15:55:32 +01:00
Thomas Leonard
0ced0ee901
Merge pull request #91 from xaki23/mirage-3.7-qb
...
support mirage-3.7 via qubes-builder
2020-01-14 14:50:22 +00:00
Thomas Leonard
16581b1e2e
Merge pull request #90 from talex5/cleanup
...
Minor cleanups
2020-01-14 12:54:48 +00:00
xaki23
e68962ac48
support mirage-3.7 via qubes-builder
2020-01-13 20:48:46 +01:00
Thomas Leonard
8e714c7712
Removed unreachable Lwt.catch
...
Spotted by Hannes Mehnert.
2020-01-13 10:05:38 +00:00
Thomas Leonard
ab3508a936
Remove unused Clock argument to Uplink
2020-01-13 09:54:09 +00:00
Thomas Leonard
48b38fa992
Fix Lwt.4.5.0 in the Dockerfile for faster builds
...
Otherwise, it installs Lwt 5 and then has to downgrade it in the next
step.
2020-01-13 09:49:37 +00:00
Thomas Leonard
e851565823
Merge pull request #89 from roburio/mirage-3.7
...
support Mirage 3.7 and mirage-nat 2.0.0
2020-01-13 09:45:04 +00:00
Hannes Mehnert
a734bcd2d3
[ci skip] adjust expected sha256
2020-01-11 16:01:08 +01:00
Hannes Mehnert
730957d19b
upgrade opam repository to current head and mirage to 3.7.4
2020-01-11 15:46:22 +01:00
Hannes Mehnert
28bda78d20
fix deprecation warnings (Mirage_clock_lwt -> Mirage_clock)
2020-01-11 15:46:02 +01:00
Hannes Mehnert
3fc418e80c
qualify all return with Lwt, use Lwt.return_unit where possible
2020-01-11 15:44:30 +01:00
Hannes Mehnert
0f476c4d7b
mirage-nat 2.0.0 and mirage-qubes 0.8.0 compatibility
2020-01-11 15:36:02 +01:00
Hannes Mehnert
c66ee54a9f
revert bc7706cc97
, mirage-xen since 5.0.0 reverted the split of OS into Os_xen
2020-01-11 14:34:25 +01:00
Thomas Leonard
e8f62b8532
Merge pull request #88 from xaki23/pin-mirage-3.5.2
...
pin mirage to 3.5.2 for qubes-builder builds
2019-12-28 19:50:47 +00:00
xaki23
43656be181
pin mirage to 3.5.2 for qubes-builder builds
2019-12-27 23:19:35 +01:00
Thomas Leonard
dab790cb68
Merge pull request #83 from marmot1791/marmot1791-patch-readme
...
Note that AppVM Size may need to increase
2019-12-14 12:05:46 +00:00
Snowy Marmot
dad1f6a723
Update per review
...
Update with suggested wording per talex5
2019-12-14 00:24:55 +00:00
Snowy Marmot
315fe4681e
Note that AppVM Size may need to increase
...
Add note that AppVM used to build from source may need a private image larger than the default 2048MB.
2019-11-27 16:01:58 +00:00
Thomas Leonard
706be3d823
Merge pull request #81 from talex5/upstream-updates
...
Fix build
2019-11-18 09:46:14 +00:00
Thomas Leonard
930d209cdb
Fix build
...
- A new ocaml-migrate-parsetree.1.4.0 was released, replacing the old
1.4.0 with new code. This was rejected by the checksum test.
Fixed by updating to the latest opam-repository.
See: https://github.com/ocaml/opam-repository/pull/15294
- The latest opam-repository pulls in mirage 3.7, which doesn't work
(`No available version of mirage-clock satisfies the constraints`), so
pin the previous mirage 3.5.2 version instead.
- Mirage now generates `.merlin`, so remove it from Git.
2019-11-17 14:33:56 +00:00
Thomas Leonard
32e4b8a31a
Merge pull request #80 from talex5/upstream-updates
...
Upstream updates
2019-08-25 19:09:54 +01:00
Thomas Leonard
49195ed5e1
Update Docker build for new mirage-xen
...
Also, switched to the experimental new OCurrent images, as they are much
smaller:
- Before: 1 GB (ocaml/opam2:debian-10-ocaml-4.08)
- Now: 309 MB (ocurrent/opam:alpine-3.10-ocaml-4.08)
2019-08-25 19:01:22 +01:00
xaki23
bc7706cc97
rename things for newer mirage-xen versions
2019-08-25 18:12:59 +02:00
xaki23
3fefba21a7
bump OCAML_VERSION to 4.08.1
2019-08-25 18:12:17 +02:00
Thomas Leonard
b8a310dfa6
Merge pull request #75 from talex5/upstream-updates
...
Update to latest ipaddr
2019-07-28 17:48:09 +01:00
xaki23
cac3e53be1
README: create the symlink-redirected docker dir
...
Otherwise, installing the docker package removes the dangling symlink.
2019-07-28 17:35:59 +01:00
Thomas Leonard
ce29c09f0f
Show final sha256 checksum in Travis output
2019-07-28 17:08:10 +01:00
Thomas Leonard
8b411db751
Removed some hard-coded installs from Dockerfile
...
There's no advantage to installing these manually, and with the current
version of mirage they had to be downgraded again in the next step.
2019-07-28 16:49:16 +01:00
xaki23
16231e2e52
Adjust to ipaddr-4.0.0 renaming _bytes to _octets
2019-07-28 16:49:04 +01:00
xaki23
cb6d03d83d
Use OCaml 4.08.0 for qubes-builder builds (was 4.07.1)
2019-07-28 16:43:04 +01:00
Thomas Leonard
aeaab0f078
Merge pull request #72 from talex5/unpin-netchannel
...
Remove netchannel pin
2019-06-22 15:34:30 +01:00
Thomas Leonard
f9856a3605
Remove netchannel pin
...
Version 1.11.0 has been released now, and the current trunk doesn't
build without updating other things. The error was:
File "lib/xenstore.ml", line 165, characters 19-34:
Error: The module OS is an alias for module Os_xen, which is missing
ocamlopt lib/.netchannel.objs/native/netchannel__Backend.{cmx,o} (exit 2)
(cd _build/default && /home/opam/.opam/4.07/bin/ocamlopt.opt -w -40 -g -I lib/.netchannel.objs/byte -I lib/.netchannel.objs/native -I /home/opam/.opam/4.07/lib/base/caml -I /home/opam/.opam/4.07/lib/bigarray-compat -I /home/opam/.opam/4.07/lib/bytes -I /home/opam/.opam/4.07/lib/cstruct -I /home/opam/.opam/4.07/lib/fmt -I /home/opam/.opam/4.07/lib/io-page -I /home/opam/.opam/4.07/lib/io-page-x[...]
File "lib/backend.ml", line 23, characters 16-29:
Error: The module OS is an alias for module Os_xen, which is missing
Reported by ronpunz in https://groups.google.com/forum/#!topic/qubes-users/PsYUXvypPDs
2019-06-22 14:57:04 +01:00
Thomas Leonard
e7eb4412ed
Merge pull request #71 from talex5/remove-cmdliner-pin
...
Remove cmdliner pin as 1.0.4 is now released
2019-06-22 14:40:44 +01:00
Thomas Leonard
d36ecf96af
Remove cmdliner pin as 1.0.4 is now released
...
Reverts 06511e076f
2019-06-15 12:57:37 +01:00
Thomas Leonard
448ba654fb
Merge pull request #69 from jaseg/patch-1
...
Fix ln(1) call in build instructions
2019-05-31 09:06:09 +01:00
jaseg
0a4b01a841
Fix ln(1) call in build instructions
...
The arguments were backwards. [```ln``` takes the link target first, then the link name](https://linux.die.net/man/1/ln ).
2019-05-31 12:50:33 +09:00
yomimono
7d22eafa59
Merge pull request #68 from talex5/updatevm
...
Note that mirage-firewall cannot be used as UpdateVM
2019-05-29 17:55:25 -05:00
yomimono
0c571a0601
Merge pull request #67 from talex5/fix-typo
...
Fix typos in docs
2019-05-29 17:54:51 -05:00
Thomas Leonard
3ab7284a64
Note that mirage-firewall cannot be used as UpdateVM
...
Reported at: https://groups.google.com/forum/#!topic/qubes-users/YPFtbwyoUjc
2019-05-29 15:25:10 +01:00
Thomas Leonard
de7d05ebfa
Fix typos in docs
2019-05-29 09:01:08 +01:00
yomimono
adb451e7e3
Merge pull request #66 from talex5/add-changelog
...
Add CHANGELOG
2019-05-28 15:25:48 -05:00
Thomas Leonard
ee97d67c84
Add CHANGELOG
...
Older entries are imported from the release notes. The 0.6 ones are from
the Git commits.
2019-05-28 21:09:52 +01:00
yomimono
c55819ffdf
Merge pull request #64 from talex5/combine-ips
...
Combine Client_gateway and Firewall_uplink
2019-05-16 18:03:59 -04:00
Thomas Leonard
672c82c43c
Combine Client_gateway and Firewall_uplink
...
Before, we used Client_gateway for the IP address of the firewall on the
client network and Firewall_uplink for its address on the uplink
network. However, Qubes 4 uses the same IP address for both, so we can't
separate these any longer, and there doesn't seem to be any advantage to
keeping them separate anyway.
2019-05-16 19:30:51 +01:00